Skip to navigation
Latest News

Google pulls SMS trojans from Market

Android

By Stewart Mitchell

Posted on 13 Dec 2011 at 08:58

Google has been forced to remove a series of premium rate apps from its Android Market after user complaints.

According to security experts, Google has taken the apps offline, but not before they were downloaded by unsuspecting users, with the apps reportedly sending premium rate texts.

Posing as free-versions of popular games - including Cut the Rope, Need for Speed and World of Goo - the SMS dialler was published under accounts named Logastrod and Miriada Production.

Both Market accounts have since been closed, but according to security experts the apps mark a new stage in Android malware because of the global reach of the operation.

“In the past, all of the premium rate SMS trojans that we've actively encountered have targeted Russia,” said security company F-Secure in a blog. "These trojans are targeting 18 countries.”

The UK, France, Germany, and Poland were among the countries targeted.

Red faces

The premium rate issue comes at a bad time for Google's Android, which has been criticised by the security industry over what it considers lax oversight of the Android Market.

While Apple uses a strict vetting process, Google relies on takedown requests if apps are reported after publication.

The revelation comes at a particularly embarrassing time for Google after senior open source employee Chris DiBona blasted mobile security companies as "charlatans and scammers" for selling antivirus protection he claimed was unnecessary.

We are waiting to hear back from Google regarding the takedown.

Is your business a social business? For helpful info and tips visit our hub.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

I hope Google introduces even basic screening for apps because clearly displaying permissions alone aren't good enough.

BTW, I'm not saying they should clamp down like Apple, just screen apps for malicious things.

By tech3475 on 13 Dec 2011

Permission

Would the rogue apps have to ask for permissions to send sms on installation? I'm guitly of not checking but perhaps potentially risky permissions should be highlighted better?

By NR5674 on 13 Dec 2011

I read the permissions before installing apps. but would like to see an ability to block apps from doing certain things once installed. An execution control list per app? Also would it be too hard for the Android OS to ask the user for permission to complete an action that may cost. (with a tick box for never asking again of course)

By selwe11 on 13 Dec 2011

Permission

It lists the permissions, but if the person hasn't noticed that the copy of Angry Birds he is currently downloading doesn't come from Rovio (and doesn't have several million downloads), then he probably isn't going to pay much attention to the permissions either - if he even understands them.

For instance, a lot of games "need" geolocation information. No they flaiming well don't! That should be an option, which as selwe11 says, the user should be able to select, whether that permission is enabled or not for the app.

As to Chris, the biggest problem was, the last time the Android anti virus solutions were independently tested all of them found between 0% and 2% of malware samples they were given!

A solution to a problem that doesn't exist? Not exactly, but a completely ineffectual solution. To be honest, I'd rather use no security software, at the moment, and be aware that I have to be careful.

Android security software is like trying to have safe sex using a condom made of tissue paper!

By big_D on 13 Dec 2011

I'd like it to work like a firewall, you receive a notification when the app is trying to do something like make a call or send a msg and costs could be associated etc.

By Deano on 13 Dec 2011

Permission

I probably don't know enough about this issue as i've only owned a mobile phone for the last 6 months (HTC Wildfire), but that said, one thing that has struck me and confuses the hell out of me as a long time PC user is how in hell is anyone supposed to tell the difference between a "safe" app and a "malicious" app when, as far as i can tell, 'all' apps have a 'permission' requirement that in one way or another that i would never allow on my pc.

i.e. Either you accept that 'apps' have 'permissions' you wouldn't otherwise accept on another device, or you have no 'apps' at all.

By pentlands on 13 Dec 2011

Apologies for the poor structure of my post.

Note to self: Compose in Notepad, then cut & paste into PC Pro's tiny little comment box the next time.

By pentlands on 13 Dec 2011

@pentlands

The only real way is to research, unfortunately.

If you are downloading "Evernote", ensure it comes from Evernote Corp.

If you are downloading "Angry Birds", make sure it comes from Rovio etc.

If you aren't sure who makes the app, do some background research or go by the reviews, if the apps has thousands of good ratings, it is probably a good app...

It is a pain and a real problem with the Android eco-system, but there isn't currently a way to avoid knowing what you are doing, when downloading.

By big_D on 14 Dec 2011

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.